The discovery that Adobe sent personal information such as reading log of e-books to server without encrypting

Adobe is an e-book reader on September 8, 2014Adobe Digital EditionsIt becomes the latest version of "Adobe Digital Editions 4.0(DE4), but because of anonymous hacker information, the user'sMetadataAnd other personal information was found to have been sent to Adobe's server in the state of unencrypted plain text (plaintext).

Adobe is Spying on Users, Collecting Data on Their eBook Libraries - The Digital Reader
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/#.VDP-8ildW2_


Adobe Responds to Reports of Their Spying, Offers Half Truths and Misleading Statements - The Digital Reader
http://the-digital-reader.com/2014/10/07/adobe-responds-reports-spying-half-truths-misleading-statements/#.VDRpCvldWIV

According to The Digital Reader, an anonymous hacker was investigating the "DE 4" DRM for educational purposes and found that we were sending a large amount of user data to the server. The Digital Reader conducted an investigation and found that the transmitted data was readily available for viewing by server administrators and others since the data was sent to Adobe's server in plain text at the time of application startup.


According to Ars Technica, The information gathered by the application of DE4 is the reading log such as "what pages have been read", "how long have you read it", "how far you read", "the title and author of the e-book in the local library", "self-published Scan metadata of the electronic book in the HDD of the connected PC with metadata such as "history", "purchased electronic book", "user ID", "device ID", "guarantee ID of application", "IP address of device" It is also confirmed that it is.


About this matter The Digital Reader inquired Adobe, Adobe admitted that it was collecting data from DE 4, "Although it was gathered for verification of DRM license, end user license agreement And in line with the Adobe privacy policy. " Since the law on privacy varies from country to country, it is being investigated whether the law is against or not, but Ars Technica says "It is not possible to explain that it collects document data that DRM does not apply "It points out.

In response to Adobe's comments, the Electronic Frontier Foundation, "Adobe has access to all the user's library data, although the size of the problem is uncertain, it can be a big problem." Sony made several years ago to music filesFailed attempting DRMHowever, the situation is very similar, it is analyzed that it is dangerous for readers, authors, publishers to apply DRM to e-books.

In addition, Adobe is preparing an update to solve this problem.